Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

gnome -- gdk-pixbuf
A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
8.3
FEDORA

ibm -- cognos_analytics
IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903.
2021-06-01
CVE-2020-4561
CONFIRM
XF

linux -- linux_kernel
There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.
CVE-2021-20292
MISC

linuxfoundation -- dex
A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects dex versions before 2.27.0.
CVE-2020-27847
MISC
MISC
MISC

zeromq -- zeromq
A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
2021-05-28
CVE-2021-20236
MISC
MISC

Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

cesanta -- mjs
Stack overflow vulnerability in parse_plus_minus Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
2021-05-28
4.3

cesanta -- mjs
Stack overflow vulnerability in parse_statement Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
2021-05-28
4.3

cesanta -- mjs
Stack overflow vulnerability in parse_value Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
2021-05-28
4.3

cesanta -- mjs
Stack overflow vulnerability in parse_comparison Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
2021-05-28
4.3

cesanta -- mjs
Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
2021-05-28
4.3
CVE-2020-18392
MISC

cesanta -- mjs
Stack overflow vulnerability in parse_equality Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
2021-05-28
4.3

cesanta -- mjs
Stack overflow vulnerability in parse_shifts Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
2021-05-28
4.3
CVE-2020-36373
MISC

cesanta -- mjs
Stack overflow vulnerability in parse_statement_list Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
2021-05-28
4.3

cesanta -- mjs
Stack overflow vulnerability in parse_mul_div_rem Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
2021-05-28
4.3

cesanta -- mjs
Stack overflow vulnerability in parse_unary Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
2021-05-28
4.3
CVE-2020-36370

cesanta -- mjs
Stack overflow vulnerability in parse_block Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.
2021-05-28
4.3
CVE-2020-36367
MISC

css-what_project -- css-what
The css-what package before 5.0.1 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
2021-05-28
5
CVE-2021-33587
MISC

gnu -- gama
A NULL-pointer dereference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs.
5
CVE-2020-18395
MISC

ibm -- application_gateway
IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET request that could cause the application to crash.
2021-06-01
5
CVE-2021-20576
XF
CONFIRM

ibm -- cognos_analytics
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. IBM X-Force ID: 172130.
2021-06-01
5
CVE-2019-4724
XF
CONFIRM

ibm -- cognos_analytics
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page. IBM X-Force ID: 172129.
2021-06-01
5
CVE-2019-4723
CONFIRM
XF

ibm -- cognos_analytics
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 163780.
2021-06-01
4
CVE-2019-4471
CONFIRM
XF

ibm -- cognos_analytics
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172533.
2021-06-01
5.5
CVE-2019-4730
CONFIRM
XF

ibm -- cognos_analytics
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395.
2021-06-01
6.8
CVE-2020-4520
XF
CONFIRM

ibm -- cognos_analytics
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 176607.
2021-06-01
6.4
CVE-2020-4300
CONFIRM
XF

ibm -- cognos_analytics
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128.
2021-06-01
4
CVE-2019-4722
CONFIRM
XF

https://content.govdelivery.com/accounts/USDHSCISA/bulletins/2e2f0b8 

6/7/2021 


Vulnerability Summary for the Week of May 31, 2021 

vulnerability is to system availability. 

ibm -- security_verify_access
IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398.
2021-06-01
CVE-2021-20585
XF
CONFIRM

idreamsoft -- icms
A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts.
2021-05-28
6.8
CVE-2020-26641
MISC

kiali -- kiali
An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used with RBAC turned off, this token validation doesn't occur, and this allows a malicious user to bypass the authentication.
2021-05-28
5.8
CVE-2021-20278
MISC
MISC

naver -- comic_viewer
An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
2021-05-28
6.8
CVE-2021-33591
CONFIRM

openldap -- openldap
A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
MISC

redhat -- 389_directory_server
When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash.
2021-05-28
4
CVE-2021-3514
MISC

redhat -- keycloak
A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover is possible due to user-supplied data fields not being properly encoded and Javascript code being used to process the data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-20195
MISC

redhat -- keycloak
A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application.
2021-05-28
4.9
CVE-2020-27826
MISC

seacms -- seacms
A cross-site scripting (XSS) vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML.
2021-05-28
4.3
CVE-2020-26642
MISC

spice_project -- spice
A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.
2021-05-28
5
CVE-2021-20201
MISC
MISC

trim-newlines_project -- trim-newlines
The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
2021-05-28
5
CVE-2021-33623
MISC
CONFIRM

Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

ibm -- cognos_analytics
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170964.
2021-06-01
3.5
CVE-2019-4653
XF
CONFIRM

ibm -- cognos_analytics
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178506.
2021-06-01
3.5
CVE-2020-4354
XF
CONFIRM

linux -- linux_kernel
A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality.
CVE-2021-20239
MISC

qemu -- qemu
A NULL pointer dereference flaw was found in the SCSI emulation support of QEMU in versions before 6.0.0. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
2021-05-28
2.1
MISC
MISC

Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

1cdn -- 1cdn
1CDN is open-source file sharing software. In 1CDN before commit f88a2730fa50fc2c2aeab09011f6f142fd90ec25, there is a basic cross-site scripting vulnerability that allows an attacker to inject /<script>//code</script> and execute JavaScript code on the client side.
2021-05-28
not yet calculated
CVE-2021-32616
CONFIRM
MISC

3scale -- developer
It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduct further attacks.
2021-06-01
not yet calculated
CVE-2021-3412
MISC

aomedia -- libaom
aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free.
2021-06-02
not yet calculated
CVE-2021-30474
MISC
MISC

aomedia -- libaom
aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.
2021-06-04
not yet calculated
CVE-2021-30475
MISC
MISC

apache -- dubbo
In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability.
2021-06-01
not yet calculated
CVE-2021-25640
MISC
MLIST

apache -- dubbo
Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the service and method specified in the first arguments of the invocation and use the Java Reflection API to make the final call. The signature for the $invoke or $invokeAsync methods is Ljava/lang/String;[Ljava/lang/String;[Ljava/lang/Object; where the first argument is the name of the method to invoke, the second one is an array with the parameter types for the method being invoked and the third one is an array with the actual call arguments. In addition, the caller also needs to set an RPC attachment specifying that the call is a generic call and how to decode the arguments. The possible values are: - true - raw.return - nativejava - bean - protobuf-json. An attacker can control this RPC attachment and set it to nativejava to force the java deserialization of the byte array located in the third argument.
2021-06-01
not yet calculated
MLIST
MISC

apache -- dubbo
Each Apache Dubbo server will set a serialization id to tell the clients which serialization protocol it is working on. But for Dubbo versions before 2.7.8 or 2.6.9, an attacker can choose which serialization id the Provider will use by tampering with the byte preamble flags, aka, not following the server's instruction. This means that if a weak deserializer such as the Kryo and FST are somehow in code scope (e.g. if Kryo is somehow a part of a dependency), a remote unauthenticated attacker can tell the Provider to use the weak deserializer, and then proceed to exploit it.
2021-06-01
not yet calculated
CVE-2021-25641
MISC

apache -- dubbo
Apache Dubbo prior to 2.7.9 supports Tag routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these YAML rules, Dubbo customers may enable calling arbitrary constructors.
2021-06-01
not yet calculated

apache -- dubbo
Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which will enable a customer to route the request to the right server. These rules are used by the customers when making a request in order to find the right endpoint. When parsing these rules, Dubbo customers use ScriptEngine and run the rule provided by the script which by default may enable executing arbitrary code.
2021-06-01
not yet calculated
MISC

appcms -- appcms
AppCMS 2.0.101 in /admin/app.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site.
2021-06-03
not yet calculated
MISC

appcms -- appcms
AppCMS 2.0.101 in /admin/template/tpl_app.php has a cross site scripting attack vulnerability which allows the attacker to obtain sensitive information of other users.
2021-06-03
not yet calculated
CVE-2020-36007
MISC

appcms -- appcms
AppCMS 2.0.101 in /admin/info.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site.
2021-06-03
not yet calculated
MISC

appcms -- appcms
AppCMS 2.0.101 in /admin/download_frame.php has a SQL injection vulnerability which allows attackers to obtain sensitive database information.
2021-06-03
not yet calculated
CVE-2020-36004
MISC

content to site/index.php/admin/pages/update.

apple -- multiple_products
Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02.
2021-06-02
not yet calculated
MISC

apple -- multiple_products
Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02.
2021-06-02
not yet calculated
CVE-2009-0947
MISC

auth0-lock is Auth0's signin solution. Versions of `auth0-lock` before and including `11.30.0` are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's `flashMessage` feature is utilized and user input or data from URL parameters is incorporated into the `flashMessage` or the library's `languageDictionary` feature is utilized and user input or data from URL parameters is incorporated into the `languageDictionary`. The vulnerability is patched in version 11.30.1.
2021-06-04
not yet calculated
CVE-2021-32641
MISC
MISC
CONFIRM

avahi -- avahi
A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.
2021-06-02
not yet calculated
CVE-2021-3468
MISC

backstage -- techdocs
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs documentation is built and published by setting a particular path for `docs_dir` in `mkdocs.yml`. These files would then be available over the TechDocs backend API. This vulnerability is mitigated by the fact that an attacker would need access to modify the `mkdocs.yml` in the documentation source code, and would also need access to the TechDocs backend API. The vulnerability is patched in the `0.6.3` release of `@backstage/techdocs-common`.
2021-06-03
not yet calculated
CVE-2021-32662
MISC
MISC
CONFIRM

backstage -- techdocs
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In versions of `@backstage/techdocs-common` prior to 0.6.4, a malicious internal actor is able to upload documentation content with malicious scripts. These scripts would normally be sanitized by the TechDocs frontend, but by tricking a user to visit the content via the TechDocs API, the content sanitization will be bypassed. If the TechDocs API is hosted on the same origin as the Backstage app or other backend plugins, this may give access to sensitive data. The ability to upload malicious content may be limited by internal code review processes, unless the chosen TechDocs deployment method is to use an object store and the actor has access to upload files directly to that store. The vulnerability is patched in the `0.6.4` release of `@backstage/techdocs-common`.
2021-06-03
not yet calculated
MISC
MISC

backstage -- techdocs
Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin (`@backstage/plugin-techdocs`) prior to 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an `object` element. This may give access to sensitive data when other users visit that same documentation page. The ability to upload malicious content may be limited by internal code review processes, unless the chosen TechDocs deployment method is to use an object store and the actor has access to upload files directly to that store. The vulnerability is patched in the `0.9.5` release of `@backstage/plugin-techdocs`.
2021-06-03
not yet calculated
CVE-2021-32661
CONFIRM
MISC
MISC

bdew -- bdlib
The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization.
2021-06-03
not yet calculated
CONFIRM
MISC
MISC

bigtree_cms -- bigtree_cms
A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via the 'Create New Feed' function.
2021-06-01
not yet calculated
CVE-2020-26668
MISC

bigtree_cms -- bigtree_cms
A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary commands through a crafted request sent to the server via the 'Create a New Setting' function.
2021-06-01
not yet calculated
CVE-2020-26670
MISC

bigtree_cms -- bigtree_cms
A stored cross-site scripting (XSS) vulnerability was discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary web scripts or HTML via the page content to site/index.php/admin/pages/update.
2021-06-01
not yet calculated
CVE-2020-26669
MISC

CLI commands on an affected device. For more information about
these vulnerabilities, see the Details section of this advisory.

bird -- bird
** DISPUTED ** BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurations, as well as products of other vendors) may have been susceptible to route redirection for Denial of Service and/or Information Disclosure. NOTE: a researcher has asserted that the behavior is within Tigera's area of responsibility; however, Tigera disagrees.
2021-06-04
not yet calculated
CVE-2021-26928
MISC

bloofoxcms -- bloofoxcms
BloofoxCMS 0.5.2.1 allows Unrestricted File Upload vulnerability via bypass MIME Type validation by inserting 'image/jpeg' within the 'Content-Type' header.
2021-06-04
not yet calculated

bloofoxcms -- bloofoxcms
BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter.
2021-06-04
not yet calculated
CVE-2020-36142
MISC

bloofoxcms -- bloofoxcms
BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely).
2021-06-04
not yet calculated
CVE-2020-36140
MISC

bloofoxcms -- bloofoxcms
BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnerability by inserting a XSS payload within the 'fileurl' parameter.
2021-06-04
not yet calculated

A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any authenticated user from any project can see the name of Ruleflow Groups from other projects, despite the user not having access to those projects. The highest threat from this vulnerability is to confidentiality.
2021-06-01
not yet calculated

bubble_fireworks -- bubble_fireworks
bubble fireworks is an open source java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows forgery of valid JWTs.
2021-06-04
not yet calculated

chiyu_technology -- multiple_iot_devices
Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi.
2021-06-04
not yet calculated
CVE-2021-31250
MISC
MISC
MISC

chiyu_technology -- multiple_iot_devices
A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components.
2021-06-04
not yet calculated
CVE-2021-31249
MISC
MISC
MISC

chiyu_technology -- multiple_iot_devices
An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it.
2021-06-04
not yet calculated
CVE-2021-31252
CONFIRM
MISC
MISC

chiyu_technology -- multiple_iot_devices
An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated.
2021-06-01
not yet calculated
CVE-2021-31641
MISC
MISC
MISC
MISC

chiyu_technology -- multiple_iot_devices
An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe that the user has already authenticated.
2021-06-04
not yet calculated
CVE-2021-31251
CONFIRM
MISC
MISC

chiyu_technology -- multiple_iot_devices
An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter.
2021-06-01
not yet calculated
MISC
MISC
MISC

chiyu_technology -- multiple_iot_devices
A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be explored by sending an unexpected integer (> 32 bits) on the page parameter that will crash the web portal and make it unavailable until a reboot of the device.
2021-06-01
not yet calculated
MISC
MISC
MISC

cisco -- asr_5000_series_software
Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
2021-06-04
not yet calculated

cisco -- asr_5000_series_software
Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
2021-06-04
not yet calculated
CVE-2021-1539
CISCO

cisco -- common_services_platform_collecta
A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by logging in as a super admin and entering crafted input to configuration options on the CSPC configuration dashboard. A successful exploit could allow the attacker to execute remote code as root.
2021-06-04
not yet calculated
CVE-2021-1538
CISCO

cisco -- sd-wan_software
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this vulnerability by invoking a privileged process in the affected system. A successful exploit could allow the attacker to perform actions with the privileges of the root user.
2021-06-04
not yet calculated
CVE-2021-1528
CISCO

cisco -- multiple_products
A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. This vulnerability is due to incorrect handling of directory paths at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system, which can cause a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of another user account.
2021-06-04
not yet calculated
CVE-2021-1536
CISCO

cisco -- thousandeyes_recorder
A vulnerability in the installer software of Cisco ThousandEyes Recorder could allow an unauthenticated, local attacker to access sensitive information that is contained in the ThousandEyes Recorder installer software. This vulnerability exists because sensitive information is included in the application installer. An attacker could exploit this vulnerability by downloading the installer and extracting its contents. A successful exploit could allow the attacker to access sensitive information that is included in the application installer.
2021-06-04
not yet calculated
CVE-2021-1537
CISCO

cisco -- video_surveillance_7000_series_ip
Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain Cisco Discovery Protocol and LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted Cisco Discovery Protocol or LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: Cisco Discovery Protocol and LLDP are Layer 2 protocols. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
2021-06-04
not yet calculated
CVE-2021-1564
CISCO

cisco --
video_surveillance_7000_series_ip








Multiple vulnerabilities in the implementation of the Cisco 
Discovery Protocol and Link Layer Discovery Protocol (LLDP) for 
Cisco Video Surveillance 7000 Series IP Cameras could allow an 
unauthenticated, adjacent attacker to cause a memory leak, which 
could lead to a denial of service (DoS) condition on an affected 
device. These vulnerabilities are due to incorrect processing of 
certain Cisco Discovery Protocol and LLDP packets at ingress 
time. An attacker could exploit these vulnerabilities by sending
crafted Cisco Discovery Protocol or LLDP packets to an affected
device. A successful exploit could allow the attacker to cause the
affected device to continuously consume memory, which could
cause the device to crash and reload, resulting in a DoS condition.
Note: Cisco Discovery Protocol and LLDP are Layer 2 protocols.
To exploit these vulnerabilities, an attacker must be in the same
broadcast domain as the affected device (Layer 2 adjacent). 











2021-06-04 





not yet 
calculated 





CVE-2021-1563 
CISCO 



cisco -- webex_meetings


A vulnerability in logging mechanisms of Cisco Webex Meetings 
client software could allow an authenticated, local attacker to gain 
access to sensitive information. This vulnerability is due to unsafe 
logging of application actions. An attacker could exploit this 
vulnerability by logging onto the local system and accessing files 
containing the logged details. A successful exploit could allow the 
attacker to gain access to sensitive information, including meeting 
data and recorded meeting transcriptions. 


2021-06-04 


not yet 
calculated 


CVE-2021-1544 
CISCO 








cisco --
webex_meetings_and_meetings_server


A vulnerability in Cisco Webex Meetings and Cisco Webex 
Meetings Server could allow an unauthenticated, remote attacker 
to redirect users to a malicious file. This vulnerability is due to
improper validation of URL paths in the application interface. An
attacker could exploit this vulnerability by persuading a user to
follow a specially crafted URL that is designed to cause Cisco
Webex Meetings to include a remote file in the web UI. A
successful exploit could allow the attacker to cause the application
to offer a remote file to a user, which could allow the attacker to
conduct further phishing or spoofing attacks.


2021-06-04 


not yet 
calculated 


CVE-2021-1525 
CISCO 








cisco --
webex_meetings_and_meetings_server


A vulnerability in the multimedia viewer feature of Cisco Webex
Meetings and Cisco Webex Meetings Server could allow an
authenticated, remote attacker to bypass security protections. This
vulnerability is due to unsafe handling of shared content within the
multimedia viewer feature. An attacker could exploit this
vulnerability by sharing a file through the multimedia viewer
feature. A successful exploit could allow the attacker to bypass
security protections and prevent warning dialogs from appearing
before files are offered to other users.


2021-06-04 


not yet 
calculated 


CVE-2021-1517 
CISCO 








cisco -- 
webex_network_recording_player 


A vulnerability in Cisco Webex Network Recording Player for 
Windows and MacOS and Cisco Webex Player for Windows and 
MacOS could allow an attacker to execute arbitrary code on an 
affected system. The vulnerability is due to insufficient validation 
of values within Webex recording files formatted as either 
Advanced Recording Format (ARF) or Webex Recording Format 
(WRF). An attacker could exploit the vulnerability by sending a 
user a malicious ARF or WRF file through a link or email 
attachment and persuading the user to open the file. A successful 
exploit could allow the attacker to execute arbitrary code on the 
affected system with the privileges of the targeted user. 


2021-06-04 


not yet 
calculated 


CVE-2021-1502 
CISCO 








cisco -- 
webex_network_recording_player 


A vulnerability in Cisco Webex Network Recording Player for 
Windows and MacOS and Cisco Webex Player for Windows and 
MacOS could allow an attacker to execute arbitrary code on an 
affected system. This vulnerability is due to insufficient validation 
of values in Webex recording files that are in either Advanced 
Recording Format (ARF) or Webex Recording Format (WRF). An 
attacker could exploit this vulnerability by sending a user a 
malicious ARF or WRF file through a link or email attachment and 
persuading the user to open the file with the affected software on 
the local system. A successful exploit could allow the attacker to 
execute arbitrary code on the affected system with the privileges 
of the targeted user. 


2021-06-04 


not yet 
calculated 


CVE-2021-1503 
CISCO 








cisco -- webex_player 


A vulnerability in Cisco Webex Player for Windows and MacOS 
could allow an attacker to execute arbitrary code on an affected 
system. This vulnerability is due to insufficient validation of values 
in Webex recording files that are in Webex Recording Format 
(WRF). An attacker could exploit this vulnerability by sending a 
user a malicious WRF file through a link or email attachment and 
persuading the user to open the file with the affected software on 
the local system. A successful exploit could allow the attacker to 
execute arbitrary code on the affected system with the privileges 
of the targeted user. 


2021-06-04 


not yet 
calculated 


CVE-2021-1526 
CISCO 








cisco -- webex_player 


A vulnerability in Cisco Webex Player for Windows and MacOS 
could allow an attacker to cause the affected software to terminate 
or to gain access to memory state information that is related to the 
vulnerable application. The vulnerability is due to insufficient 
validation of values in Webex recording files that are stored in 
Webex Recording Format (WRF). An attacker could exploit this 
vulnerability by sending a malicious WRF file to a user as a link or 
email attachment and then persuading the user to open the file 
with the affected software on the local system. A successful 
exploit could allow the attacker to crash the affected software and 
view memory state information. 


2021-06-04 


not yet 
calculated 


CVE-2021-1527 
CISCO 








clustered_data -- ontap 





Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are 
susceptible to a vulnerability which could allow single workloads to 
cause a Denial of Service (DoS) on a cluster node. 














2021-06-04 





not yet 
calculated 





CVE-2021-26994 
MISC 

cms_made_simple -- cms_made_simple

A cross-site scripting (XSS) vulnerability was discovered in the
Administrator panel on the 'Setting News' module on CMS Made
Simple 2.2.14 which allows an attacker to execute arbitrary web
scripts.

2021-06-01

not yet calculated

CVE-2020-27377
MISC


d-link -- dir-868l_router

The D-Link router DIR-868L 3.01 is vulnerable to credentials
disclosure in telnet service through decompilation of firmware, that
allows an unauthenticated attacker to gain access to the firmware
and to extract sensitive data.

2021-06-04

not yet calculated

CVE-2020-29321
MISC


d-link -- dir-880l_router

The D-Link router DIR-880L 1.07 is vulnerable to credentials
disclosure in telnet service through decompilation of firmware, that
allows an unauthenticated attacker to gain access to the firmware
and to extract sensitive data.

2021-06-04

not yet calculated

CVE-2020-29322
MISC


d-link -- dir-885l-mfc_router

The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable
to credentials disclosure in telnet service through decompilation of
firmware, that allows an unauthenticated attacker to gain access
to the firmware and to extract sensitive data.

2021-06-04

not yet calculated

CVE-2020-29323
MISC


d-link -- dir-895l-mfc_router

The DLink Router DIR-895L MFC v1.21b05 is vulnerable to
credentials disclosure in telnet service through decompilation of
firmware, that allows an unauthenticated attacker to gain access
to the firmware and to extract sensitive data.

2021-06-04

not yet calculated

CVE-2020-29324
MISC


debian -- debian

The open_generic_xdg_mime function in xdg-open in xdg-utils
1.1.0 rc1 in Debian, when using dash, does not properly handle
local variables, which allows remote attackers to execute arbitrary
commands via a crafted file.

2021-06-02

not yet calculated

CVE-2015-1877
MISC
MISC
MISC
MISC


eclipse -- mojarra

Directory traversal in Eclipse Mojarra before 2.3.14 allows
attackers to read arbitrary files via the loc parameter or con
parameter.

2021-06-02

not yet calculated

CVE-2020-6950
MISC
MISC
MISC


emissary -- emissary

Emissary is a P2P based data-driven workflow engine. Affected
versions of Emissary are vulnerable to post-authentication
Remote Code Execution (RCE). The [`CreatePlace`]
(https://github.com/NationalSecurityAgency/emissary/blob/30c54ef|| 6c6eb6ed09604.a929939fb9f66868382/src/main/ja
REST endpoint accepts an `sppClassName` parameter which is
used to load an arbitrary class. This class is later instantiated
using a constructor with the following signature:
`<constructor>(String, String, String)`. An attacker may find a
gadget (class) in the application classpath that could be used to
achieve Remote Code Execution (RCE) or disrupt the application.
Even though the chances to find a gadget (class) that allow
arbitrary code execution are low, an attacker can still find gadgets
that could potentially crash the application or leak sensitive data.
As a workaround, disable network access to Emissary from
untrusted sources.

2021-06-01

not yet calculated

CVE-2021-32647
CONFIRM
MISC


envoy -- envoy


### Description
Envoy does not decode escaped slash sequences `%2F` and `%5C`
in HTTP URL paths in versions 1.18.2 and before. A remote attacker
may craft a path with escaped slashes, e.g.
`/something%2F..%2Fadmin`, to bypass access control, e.g. a block
on `/admin`. A backend server could then decode slash sequences
and normalize path and provide an attacker access beyond the
scope provided for by the access control policy.

### Impact
Escalation of Privileges when using RBAC or JWT filters with
enforcement based on URL path. Users with back end servers that
interpret `%2F` and `/` and `%5C` and `\` interchangeably are
impacted.

### Attack Vector
URL paths containing escaped slash characters delivered by
untrusted client.

### Patches
Envoy versions 1.18.3, 1.17.3, 1.16.4, 1.15.5 contain new path
normalization option to decode escaped slash characters.

### Workarounds
If back end servers treat `%2F` and `/` and `%5C` and `\`
interchangeably and a URL path based access control is
configured, we recommend reconfiguring back end server to not
treat `%2F` and `/` and `%5C` and `\` interchangeably if feasible.

### Credit
Ruilin Yang (ruilin.yri'@gmail.com)

### References
https://blog.envoyproxy.io
https://github.com/envoyproxy/envoy/releases

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [Envoy repo](https://github.com/envoyproxy/envoy/issues)
* Email us at [envoy-security](mailto:envoy-security@googlegroups.com)


2021-05-28 


not yet 
calculated 


CVE-2021-29492 
CONFIRM 








fdcms -- fdcms 


FDCMS (also known as Fangfa Content Management System) 4.0 
allows remote attackers to get a webshell in the background via 
Front/lib/Action/FindexAction.class.php. 


2021-06-02 


not yet 
calculated 





CVE-2020-35442 
MISC 








fdcms -- fdcms 


FDCMS (aka Fangfa Content Management System) 4.0 contains 
a front-end SQL injection via 
Admin/Lib/Action/FloginAction.class.php. 


2021-06-02 


not yet 
calculated 





CVE-2020-35441 
MISC 








ffmpeg -- ffmpeg 


A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
memory leak in the filter_frame function in vf_tile.c. 


2021-06-02 


not yet 
calculated 





CVE-2020-22051 
MISC 
MISC 








ffmpeg -- ffmpeg 


A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
memory leak in avcodec_alloc_context3 at options.c. 


2021-06-01 


not yet 
calculated 





CVE-2020-22037 
MISC 








ffmpeg -- ffmpeg 


A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
memory leak in the ff_v4l2_m2m_create_context function in
v4l2_m2m.c.


2021-06-01 


not yet 
calculated 





CVE-2020-22038 
MISC 








ffmpeg -- ffmpeg 


A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
memory leak in the v_frame_alloc function in frame.c. 


2021-06-01 


not yet 
calculated 





CVE-2020-22040 
MISC 








ffmpeg -- ffmpeg 


A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 
in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory 
corruption and other potential consequences. 


2021-06-01 


not yet 
calculated 





CVE-2020-22036 
MISC 








ffmpeg -- ffmpeg 


A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
memory leak in the inavi_add_ientry function. 


2021-06-01 


not yet 
calculated 





CVE-2020-22039 
MISC 








ffmpeg -- ffmpeg 


A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
memory leak in the link_filter_inouts function in
libavfilter/graphparser.c.


2021-06-01 


not yet 
calculated 





CVE-2020-22042 
MISC 








ffmpeg -- ffmpeg 


A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 
in get_block_row at libavfilter/vf_bm3d.c, which might lead to 
memory corruption and other potential consequences. 


2021-06-01 


not yet 
calculated 





CVE-2020-22035 
MISC 








ffmpeg -- ffmpeg 


A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
memory leak in the av_buffersrc_add_frame_flags function in 
buffersrc. 


2021-06-01 


not yet 
calculated 





CVE-2020-22041 
MISC 








ffmpeg -- ffmpeg 


A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
memory leak in the ff_frame_pool_get function in framepool.c. 


2021-06-02 


not yet 
calculated 





CVE-2020-22048 
MISC 








ffmpeg -- ffmpeg


A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
memory leak at the fifo_alloc_common function in libavutil/fifo.c.


2021-06-01


not yet
calculated


CVE-2020-22043
MISC


ffmpeg -- ffmpeg

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
memory leak in the url_open_dyn_buf_internal function in
libavformat/aviobuf.c.

2021-06-01


ffmpeg -- ffmpeg

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
memory leak in the avpriv_float_dsp_allocl function in
libavutil/float_dsp.c.

2021-06-02


ffmpeg -- ffmpeg

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
memory leak in the wtvfile_open_sector function in wtvdec.c.

2021-06-02

not yet calculated

CVE-2020-22049
MISC
MISC


ffmpeg -- ffmpeg

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
memory leak in the av_dict_set function in dict.c.

2021-06-02

not yet calculated

MISC
MISC


ffmpeg -- ffmpeg

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a
memory leak in the config_input function in af_acrossover.c.

2021-06-02

not yet calculated

CVE-2020-22056
MISC


foreman -- foreman

Foreman versions before 2.3.4 and before 2.4.0 are affected by an
improper authorization handling flaw. An authenticated attacker
can impersonate the foreman-proxy if the product enables the
Puppet Certificate authority (CA) to sign certificate requests that
have subject alternative names (SANs). Foreman does not enable
SANs by default, and 'allow-authorization-extensions' is set to
'false' unless the user changes the
'/etc/puppetlabs/puppetserver/conf.d/ca.conf' configuration
explicitly.

2021-06-03

not yet calculated

CVE-2021-3469
MISC


fortinet -- forti_presence

Two authorization bypass through user-controlled key
vulnerabilities in the Fortinet FortiPresence 2.1.0 administration
interface may allow an attacker to gain access to some user data
via portal manager or portal users parameters.

2021-06-02

not yet calculated

CVE-2020-6641
CONFIRM


fortinet -- fortiai

An improper input validation in FortiAI v1.4.0 and earlier may allow
an authenticated user to gain system shell access via a malicious
payload in the "diagnose" command.

2021-06-03

not yet calculated

CONFIRM


fortinet -- fortigate

An improper following of a certificate's chain of trust vulnerability in
FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to
connect to SSLVPN with any certificate that is signed by a trusted
Certificate Authority.

2021-06-02

not yet calculated

CVE-2021-24012
CONFIRM


fortinet -- fortiproxy

A stack-based buffer overflow vulnerability in FortiProxy physical
appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to
1.0.7 may allow an authenticated, remote attacker to perform a
Denial of Service attack by running the `diagnose sys cpuset` with
a large cpuset mask value. Fortinet is not aware of any successful
exploitation of this vulnerability that would lead to code execution.

2021-06-03

not yet calculated

CVE-2021-22130
CONFIRM


fortinet -- fortiswitch

A missing release of memory after effective lifetime vulnerability in
FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and
below may allow an attacker on an adjacent network to exhaust
available memory by sending specifically crafted LLDP/CDP/EDP
packets to the device.

2021-06-01


fortinet -- fortiweb

An OS command injection vulnerability in FortiWeb's management
interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may
allow a remote authenticated attacker to execute arbitrary
commands on the system via the SAML server configuration
page.

2021-06-01


freebsd -- freebsd

In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before
r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11
and 11.4-RELEASE before p5 the handler for a routing option
caches a pointer into the packet buffer holding the ICMPv6
message. However, when processing subsequent options the
packet buffer may be freed, rendering the cached pointer invalid.
The network stack may later dereference the pointer, potentially
triggering a use-after-free.

2021-06-04

not yet calculated

CVE-2020-7469
MISC


frontier -- ichris

Frontier ichris through 5.18 allows users to upload malicious
executable files that might later be downloaded and run by any
client user.

2021-05-29

not yet calculated

MISC


frontier -- ichris

Frontier ichris through 5.18 mishandles making a DNS request for
the hostname in the HTTP Host header, as demonstrated by
submitting 127.0.0.1 multiple times for DoS.

2021-05-29


fuse -- fuse

In the reference implementation of FUSE before 2.9.8 and 3.x
before 3.2.5, local attackers were able to specify the allow_other
option even if forbidden in /etc/fuse.conf, leading to exposure of
FUSE filesystems to other users. This issue only affects systems
with SELinux active.

2021-06-03

not yet calculated

CVE-2021-33805
MISC
CONFIRM


genivi -- diagnostic_log_and_trace_

GENIVI Diagnostic Log and Trace (DLT) provides a log and trace
interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a
configuration file containing the special characters could cause a
vulnerable component to crash. All the applications which are
using the configuration file could fail to generate their dlt logs in
system. As of time of publication, no patch exists. As a
workaround, one may check the integrity of information in
configuration file manually.

2021-05-28

not yet calculated

CVE-2021-29507
CONFIRM


A flaw was found in github.com/satori/go.uuid in versions from
commit Oef6afb2fcdd6cdaeee3885a95099C63F1 Bfc8c to
d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure
randomness in the g.rand.Read function the generated UUIDs are
predictable for an attacker.

2021-06-02

not yet calculated

MISC
MISC


glob-parent -- glob-parent

This affects the package glob-parent before 5.1.2. The enclosure
regex used to check for strings ending in enclosure containing
path separator.

2021-06-03

not yet calculated

CVE-2020-28469
MISC
MISC
MISC
MISC
MISC


gnu -- libiberty

A flaw was discovered in GNU libiberty within demangle_path() in
rust-demangle.c, as distributed in GNU Binutils version 2.36. A
crafted symbol can cause stack memory to be exhausted leading
to a crash.

2021-06-02

not yet calculated

CVE-2021-3530
MISC


google -- chrome

Use after free in File API in Google Chrome prior to 90.0.4430.212
allowed a remote attacker to potentially exploit heap corruption via
a crafted HTML page.

2021-06-04

not yet calculated

CVE-2021-30515
MISC
MISC


google -- chrome

Heap buffer overflow in History in Google Chrome prior to
90.0.4430.212 allowed a remote attacker who had compromised
the renderer process to potentially exploit heap corruption via a
crafted HTML page.

2021-06-04

not yet calculated

MISC


google -- chrome

Heap buffer overflow in Media Feeds in Google Chrome prior to
90.0.4430.212 allowed an attacker who convinced a user to
enable certain features in Chrome to potentially exploit heap
corruption via a crafted HTML page.

2021-06-04

not yet calculated

MISC
MISC


google -- chrome

Inappropriate implementation in Offline in Google Chrome on
Android prior to 90.0.4430.212 allowed a remote attacker who had
compromised the renderer process to bypass site isolation via a
crafted HTML page.

2021-06-04

not yet calculated

MISC


google -- chrome

Incorrect security UI in Web App Installs in Google Chrome on
Android prior to 90.0.4430.212 allowed an attacker who convinced
a user to install a web application to inject scripts or HTML into a
privileged page via a crafted HTML page.

2021-06-04

not yet calculated

CVE-2021-30506
MISC
MISC


google -- chrome

Out of bounds read in Tab Groups in Google Chrome prior to
90.0.4430.212 allowed an attacker who convinced a user to install
a malicious extension to perform an out of bounds memory read
via a crafted HTML page.

2021-06-04

not yet calculated

CVE-2021-30511
MISC
MISC


google -- chrome

Use after free in Notifications in Google Chrome prior to
90.0.4430.212 allowed a remote attacker who had compromised
the renderer process to potentially exploit heap corruption via a
crafted HTML page.

2021-06-04

not yet calculated

CVE-2021-30512
MISC


google -- chrome

Type confusion in V8 in Google Chrome prior to 90.0.4430.212
allowed a remote attacker to potentially exploit heap corruption via
a crafted HTML page.

2021-06-04

not yet calculated

CVE-2021-30513
MISC
MISC


google -- chrome

Use after free in Autofill in Google Chrome prior to 90.0.4430.212
allowed a remote attacker who had compromised the renderer
process to potentially exploit heap corruption via a crafted HTML
page.

2021-06-04

not yet calculated

CVE-2021-30514
MISC
MISC


google -- chrome

Out of bounds write in Tab Strip in Google Chrome prior to
90.0.4430.212 allowed an attacker who convinced a user to install
a malicious extension to perform an out of bounds memory write
via a crafted HTML page and a crafted Chrome extension.

2021-06-04

not yet calculated

CVE-2021-30509
MISC
MISC


google -- chrome

Use after free in Tab Strip in Google Chrome prior to
90.0.4430.212 allowed an attacker who convinced a user to install
a malicious extension to potentially exploit heap corruption via a
crafted HTML page.

2021-06-04

not yet calculated

MISC


google -- chrome

Use after free in Aura in Google Chrome prior to 90.0.4430.212
allowed a remote attacker to potentially exploit heap corruption via
a crafted HTML page.

2021-06-04

not yet calculated

CVE-2021-30510
MISC


google -- chrome

Use after free in Payments in Google Chrome prior to
90.0.4430.212 allowed an attacker who convinced a user to install
a malicious payments app to potentially exploit heap corruption via
a crafted HTML page.

2021-06-04

not yet calculated

CVE-2021-30519
MISC

6/7/2021 Vulnerability Summary for the Week of May 31, 2021

google -- chrome

Type confusion in V8 in Google Chrome prior to 90.0.4430.212
allowed a remote attacker to potentially exploit heap corruption via
a crafted HTML page.

2021-06-04

not yet calculated

CVE-2021-30517
MISC
MISC


google -- chrome

Heap buffer overflow in Reader Mode in Google Chrome prior to
90.0.4430.212 allowed a remote attacker to potentially exploit
heap corruption via a crafted HTML page.

2021-06-04

not yet calculated

CVE-2021-30518
MISC
MISC


gstreamer -- gstreamer

GStreamer before 1.18.4 may perform an out-of-bounds read
when handling certain ID3v2 tags.

2021-06-02

not yet calculated

CVE-2021-3522
MISC


hashicorp -- vault_and_vault_enterprise

HashiCorp Vault and Vault Enterprise allowed the renewal of
nearly-expired token leases and dynamic secret leases
(specifically, those within 1 second of their maximum TTL), which
caused them to be incorrectly treated as non-expiring during
subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.

2021-06-03

not yet calculated

CVE-2021-32923
MISC
MISC


huawei -- smartphone

There is an Improper Access Control vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability may
cause app redirections.

2021-06-03


huawei -- smartphone

There is a Missing Authentication for Critical Function vulnerability
in Huawei Smartphone. Attackers with physical access to the
device can thereby exploit this vulnerability. A successful
exploitation of this vulnerability can compromise the device's data
security and functional availability.

2021-06-03


huawei -- smartphone

There is an Information Disclosure vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability may
impair data confidentiality.

2021-06-03


huawei -- smartphone

There is an Information Disclosure vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability may
cause leaking of user click data.

2021-06-03


huawei -- smartphone

There is an Information Disclosure vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability may
result in video streams being intercepted during transmission.

2021-06-03


huawei -- smartphone

There is a Business Logic Errors vulnerability in Huawei
Smartphone. The malicious apps installed on the device can keep
taking screenshots in the background. This issue does not cause
system errors, but may cause personal information leakage.

2021-06-03

not yet calculated

CVE-2021-22308
MISC


huawei -- smartphone

There is an Improper Control of Generation of Code vulnerability
in Huawei Smartphone. Successful exploitation of this vulnerability
may cause denial of security services on a rooted device.

2021-06-03


huawei -- smartphone

There is a Memory Buffer Improper Operation Limit vulnerability in
Huawei Smartphone. Successful exploitation of this vulnerability
may cause exceptions in image processing.

2021-06-03


huawei -- smartphone

There is a Security Function vulnerability in Huawei Smartphone.
Successful exploitation of this vulnerability may impair data
confidentiality.

2021-06-03


huawei -- smartphone

There is a Credentials Management Errors vulnerability in Huawei
Smartphone. Successful exploitation of this vulnerability may
impair data confidentiality.

2021-06-03


huawei -- smartphone

There is a Missing Authentication for Critical Function vulnerability
in Huawei Smartphone. Successful exploitation of this vulnerability
may impair data confidentiality.

2021-06-03


huawei -- smartphone

There is an Improper Validation of Array Index vulnerability in
Huawei Smartphone. Successful exploitation of this vulnerability
may cause code to execute, thus obtaining system permissions.

2021-06-03


ibm -- engineering_lifestyle_optimization_publishing

IBM Engineering Lifecycle Optimization - Publishing is vulnerable
to stored cross-site scripting. This vulnerability allows users to
embed arbitrary JavaScript code in the Web UI thus altering the
intended functionality potentially leading to credentials disclosure
within a trusted session. IBM X-Force ID: 192470.

2021-06-02

not yet calculated

CVE-2020-4977
CONFIRM
XF


ibm -- jazz_foundation

IBM Jazz Foundation and IBM Engineering products are
vulnerable to server-side request forgery (SSRF). This may allow
an authenticated attacker to send unauthorized requests from the
system, potentially leading to network enumeration or facilitating
other attacks. IBM X-Force ID: 194597.

2021-06-02

not yet calculated

CVE-2021-20348
CONFIRM
XF


ibm -- jazz_foundation

IBM Jazz Foundation and IBM Engineering products are
vulnerable to cross-site scripting. This vulnerability allows users to
embed arbitrary JavaScript code in the Web UI thus altering the
intended functionality potentially leading to credentials disclosure
within a trusted session. IBM X-Force ID: 194449.

2021-06-02

not yet calculated

CVE-2021-20338
CONFIRM
XF


ibm -- jazz_foundation

IBM Jazz Foundation and IBM Engineering products could allow
an authenticated user to obtain sensitive information due to lack of
security restrictions. IBM X-Force ID: 188126.

2021-06-02

not yet calculated

CVE-2020-4732
CONFIRM
XF


ibm -- jazz_foundation
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199406.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-29668, CONFIRM, XF

ibm -- jazz_foundation
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199408.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-29670, CONFIRM, XF

ibm -- jazz_foundation
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrary actions with administrative privileges. IBM X-Force ID: 182114.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-4495, CONFIRM, XF

ibm -- jazz_foundation
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 193737.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-5030, CONFIRM, XF

ibm -- jazz_foundation
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-20371, CONFIRM, XF

ibm -- jazz_foundation
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194593.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-20343, CONFIRM, XF

ibm -- jazz_foundation
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194595.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-20346, CONFIRM, XF

ibm -- jazz_foundation
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194596.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-20347, CONFIRM, XF

ibm -- jazz_foundation
IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 194594.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-20345, CONFIRM, XF

ibm -- qradar_advisor
IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRadar SIEM 7.4 could allow a remote user to obtain sensitive information from HTTP requests that could aid in further attacks against the system. IBM X-Force ID: 195712.
Published: 2021-06-03 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-20380, XF, CONFIRM

ibm -- security_verify_access
IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. X-Force ID: 199278.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-20575, XF, CONFIRM

ibm -- security_verify_access
IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with elevated privileges.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-29665, XF, CONFIRM

ibm -- spectrum_scale
IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-29740, CONFIRM, XF

in4suite -- erp
SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-27828, MISC, MISC

infinispan -- infinispan
A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-10771, MISC

invision_community -- invision_community
Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: FULLDISC, MISC, MISC, MISC

lrzsz before version 0.12.21~rce can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2018-10195, MISC, MISC, MISC, MISC

istio -- istio
Istio before 1.8.6 and 1.9.x before 1.9.5, when a gateway is using the AUTO_PASSTHROUGH routing configuration, allows attackers to bypass authorization checks and access unexpected services in the cluster.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-31921, MISC

It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-14317, MISC

jboss-remoting -- jboss-remoting
A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-35510, MISC

johnson_controls -- metasys
Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys system. This issue affects: Johnson Controls Metasys version 11.0 and prior versions.
Published: 2021-06-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-27657, CERT, CONFIRM

json -- smart
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-31684, MISC, MISC, MISC, MISC

kde -- messagelib
KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. With a crafted message, a user could be tricked into decrypting an encrypted message and then deleting an attachment attached to this message. If the attacker has access to the messages stored on the email server, then the attacker could read the decrypted content of the encrypted message. This occurs in ViewerPrivate::deleteAttachment in messageviewer/src/viewer/viewer_p.cpp.
Published: 2021-06-02 | CVSS Score: not yet calculated

kiali-operator -- kiali-operator
An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an attacker with a basic level of access to the cluster (to deploy a kiali operand) to use this vulnerability and deploy a given image to anywhere in the cluster, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-3495, MISC, MISC

lasso -- lasso
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
Published: 2021-06-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-28091, MISC, DEBIAN

libavcodec -- libavcodec
dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.
Published: 2021-06-03 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-33515, MISC

libjpeg-turbo -- libjpeg-turbo
Libjpeg-turbo all versions have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-17541, MISC

libraw -- libraw
Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: MISC
DBSec data in the Insights Server.

libtpms -- libtpms
A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS (bad memory access) and termination of swtpm. The highest threat from this vulnerability is to system availability.
Published: 2021-06-03

libxml2 -- xmllint
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-3516, MISC

linux -- linux_kernel
The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being used in mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b ("io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c ("io_uring: add IORING_OP_PROVIDE_BUFFERS") (v5.7-rc1).
Published: 2021-06-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-3491, UBUNTU, UBUNTU, MISC, MISC, MLIST

linux -- linux_kernel
A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability.
Published: 2021-06-02

linux -- linux_kernel
The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1).
Published: 2021-06-04 | CVSS Score: not yet calculated | Source & Patch Info: UBUNTU, UBUNTU, MISC, MLIST

linux -- linux_kernel
The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf: Fix a verifier failure with xor") (5.10-rc1).
Published: 2021-06-04 | CVSS Score: not yet calculated | Source & Patch Info: MISC, MISC, UBUNTU, MLIST

luca -- luca
Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because requests related to Check-In State occur shortly after requests for Phone Number Registration.
Published: 2021-06-04 | CVSS Score: not yet calculated | Source & Patch Info: MISC, MISC, MISC

luca -- luca
Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because the QR code of a Public Location can be intentionally confused with the QR code of a Private Meeting.
Published: 2021-06-04 | CVSS Score: not yet calculated | Source & Patch Info: MISC, MISC, MISC

luca -- luca
The server in Luca through 1.1.14 allows remote attackers to cause a denial of service (insertion of many fake records related to COVID-19) because Phone Number data lacks a digital signature.
Published: 2021-06-04 | CVSS Score: not yet calculated | Source & Patch Info: MISC

lz4 -- lz4
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-3520, MISC

mcafee -- database_security
Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the
CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-23896, CONFIRM

mcafee -- database_security
Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to gain access to signed SQL scripts which have been marked as deleted or expired within the administrative console. This access was only available through the REST API.
Published: 2021-06-03

mcafee -- database_security
Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.
Published: 2021-06-02

mcafee -- database_security
Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server.
Published: 2021-06-02

mcafee -- database_security
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized user logs into the DBSec interface and opens the properties configuration page for this database.
Published: 2021-06-03

Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file.
Published: 2021-06-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-22516, MISC

micrologix -- micrologix
When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller (Micro800: All versions, MicroLogix 1400: Version 21 and later) causing a denial-of-service condition.
Published: 2021-06-03 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-32926, MISC

mintty -- mintty
Mintty before 3.4.5 allows remote servers to cause a denial of service (Windows GUI hang) by telling the Mintty window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. In other words, it does not implement a usleep or similar delay upon processing a title change.
Published: 2021-06-03 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-28848, CONFIRM, MISC, CONFIRM

mobaxterm -- mobaxterm
MobaXterm before 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab title change requests that are sent repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls.
Published: 2021-06-03 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-28847, MISC, CONFIRM

mozilla -- firefox
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2011-3656, MISC

mozilla -- thunderbird
A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-27748, MISC, MISC

Prototype pollution vulnerability in 'nestie' versions 0.0.0 through 1.0.0 allows an attacker to cause a denial of service and may lead to remote code execution.
Published: 2021-06-03

nextcloud -- mail
Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-32652, CONFIRM

nextcloud -- server
Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions prior to 19.0.11, 20.0.10, and 21.0.2. An attacker can gain access to basic information about users of a server by accessing a public link that a legitimate server user added as a federated share. This happens because Nextcloud supports sharing registered users with other Nextcloud servers, which can be done automatically when selecting the "Add server automatically once a federated share was created successfully" setting. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2. As a workaround, disable "Add server automatically once a federated share was created successfully" in the Nextcloud settings.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CONFIRM

nextcloud -- server
Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance. The vulnerability is fixed in versions 19.0.11, 20.0.10, and 21.0.2. As a workaround, administrators can use the OCC command line tool to administrate the Nextcloud users.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: MISC, CONFIRM

nextcloud -- server
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing user. When the sharing user opens the sharing panel and tries to remove the "Create" privileges of this unexpected share, Nextcloud server would silently grant the share read privileges. The vulnerability is patched in versions 19.0.11, 20.0.10 and 21.0.2. No workarounds are known to exist.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-32655, MISC, CONFIRM

nextcloud -- server
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public link. Users can upgrade to patched versions (19.0.11, 20.0.10 or 21.0.2) or, as a workaround, disable federated file sharing.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-32654, CONFIRM, MISC

nextcloud -- server
Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2; no workarounds outside the updates are known to exist.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CONFIRM

nginx -- controller
The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.
Published: 2021-06-01

nginx -- controller
The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys.
Published: 2021-06-01 | CVSS Score: not yet calculated

nginx -- controller
The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: MISC, MISC

nginx -- controller
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: MISC

nginx -- controller
The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: MISC

nginx -- resolver
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-23017, MISC, MISC

A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-3543, MISC, MISC

node.js -- merge-deep-library
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-26707, MISC, MISC, MISC

A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrary URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity.
Published: 2021-06-02

obottle -- obottle
OBottle 2.0 in \c\t.php contains an arbitrary file write vulnerability.
Published: 2021-06-03 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-36008, CONFIRM

obottle -- obottle
OBottle 2.0 in \c\g.php contains an arbitrary file download vulnerability.
Published: 2021-06-03 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-36009, CONFIRM

onedev -- onedev
OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged queries to the application and explore the LDAP tree using Blind LDAP Injection techniques. The specific payload depends on how the User Search Filter property is configured in OneDev. This issue was fixed in version 4.4.2.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-32651, MISC, CONFIRM

The id parameter in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all databases.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-25362, MISC, MISC, MISC

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-25932, MISC, MISC, MISC, MISC

A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability.
Published: 2021-06-02

It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as clickjacking.
Published: 2021-06-02

openshift -- openshift
An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-35514, MISC

openstack -- swift
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.
Published: 2021-06-02

openvpn -- access_server
OpenVPN Access Server 2.8.7 and earlier versions allows remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
Published: 2021-06-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-15077, MISC

openvpn -- access_server
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service.
Published: 2021-06-04 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-36382, MISC, MISC

A vulnerability was found in OVN Kubernetes in versions up to and including 0.3.0 where the Egress Firewall does not reliably apply firewall rules when there are multiple DNS rules. It could potentially lead to loss of confidentiality, integrity or availability of a service.
Published: 2021-06-02 | CVSS Score: not yet calculated

pbootcms -- pbootcms
Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin.php.
Published: 2021-06-03 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-21003, MISC

pfsense -- pfsense
A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function.
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-26693, MISC

pglogical -- pglogical
A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription().
Published: 2021-06-01 | CVSS Score: not yet calculated | Source & Patch Info: MISC

pharmacy_medical_store_and_sale -- pharmacy_medical_store_and_sale
The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has been found to be vulnerable to a Time-Based blind SQL injection via the /medical/inventories.php path which allows attackers to retrieve all databases.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2020-24862, MISC, MISC, MISC

pillow -- pillow
An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check that reads (after jumping to file offsets) returned data. This could lead to a DoS where the decoder could be run a large number of times on empty data.
CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-28678, MISC, MISC, FEDORA

pillow -- pillow
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2021-25288, MISC, MISC, FEDORA

pillow -- pillow
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load.
Published: 2021-06-02 | CVSS Score: not yet calculated | Source & Patch Info: MISC, FEDORA
An issue was discovered in Pillow before 8.2.0. 
pillow -- pillow PSDImagePlugin.PsdIlmageFile lacked a sanity check on the 2021-06-02 not yet it Seal 
number of input layers relative to the size of the data block. This calculated ||-—--~— 
: FEDORA 
could lead to a DoS on Image.open prior to Image.load. 
An issue was discovered in Pillow before 8.2.0. For EPS data, the 
readline implementation used in EPSImageFile has to deal with CVE-2021-28677 
illow -- pillow any combination of \r and \n as line endings. It used an not yet MISC. .Ot~S~™S 
P accidentally quadratic method of accumulating lines while looking || 2021-06-02 Paes 
: : aa : : calculated |MISC 
for a line ending. A malicious EPS file could use this to perform a FEDORA 
DoS of Pillow in the open phase, before an image was accepted ——— 
for opening. 
CVE-2021-25287 
pillow -- pillow An issue was discovered in Pillow before 8.2.0. There is an out-of- 2021-06-02 not yet |MISC 
bounds read in J2kDecode, in j2ku_graya_la. calculated |MISC 
FEDORA 
postgresql -- postgresql
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
2021-06-01
not yet calculated
CVE-2021-32027
MISC
MISC

qemu -- qemu
Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime.
2021-06-02
not yet calculated
CVE-2021-3544
MISC
MLIST

qemu -- qemu
A flaw was found in vhost-user-gpu of QEMU in versions up to and including 6.0. An out-of-bounds write vulnerability can allow a malicious guest to crash the QEMU process on the host resulting in a denial of service or potentially execute arbitrary code on the host with the privileges of the QEMU process. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
2021-06-02
not yet calculated
CVE-2021-3546
MISC
MLIST

qemu -- qemu
A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
2021-06-02
not yet calculated

qemu -- qemu
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.
2021-06-02
not yet calculated
MLIST

qemu -- qemu
A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
2021-06-02
not yet calculated
MISC
MISC
MISC

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records from the network. The highest threat from this vulnerability 
is to system availability. 

qemu -- qemu
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
2021-06-02
not yet calculated
CVE-2019-12067
MISC
MISC
MISC
MISC

qnap -- nas
A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.3.1652 Build 20210428. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 Build 20210414. QNAP Systems Inc. QuTScloud versions prior to c4.5.5.1656 Build 20210503. This issue does not affect: QNAP Systems Inc. QTS 4.3.6; 4.3.3.
2021-06-03
not yet calculated
CVE-2021-28806
MISC

qnap -- nas
A post-authentication reflected XSS vulnerability has been reported to affect QNAP NAS running Q’center. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already fixed this vulnerability in the following versions of Q’center: QTS 4.5.3: Q’center v1.12.1012 and later QTS 4.3.6: Q’center v1.10.1004 and later QTS 4.3.3: Q’center v1.10.1004 and later QuTS hero h4.5.2: Q’center v1.12.1012 and later QuTScloud c4.5.4: Q’center v1.12.1012 and later
2021-06-03
not yet calculated
CVE-2021-28807
MISC

qnap -- video_station
A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Video Station versions prior to 5.5.4 on QTS 4.5.2; versions prior to 5.5.4 on QuTS hero h4.5.2; versions prior to 5.5.4 on QuTScloud c4.5.4. This issue does not affect: QNAP Systems Inc. Video Station on QTS 4.3.6; on QTS 4.3.3.
2021-06-03
not yet calculated
CVE-2021-28812
MISC

realtek -- rtl8710
A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "memcpy" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake.
2021-06-04
not yet calculated

realtek -- rtl8710
A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "AES_UnWRAP" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake.
2021-06-04
not yet calculated

reborncore -- library
The RebornCore library before 4.7.3 allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of reborncore.common.network.ExtendedPacketBuffer. An attacker can instantiate any class on the classpath with any data. A class usable for exploitation might or might not be present, depending on what Minecraft modifications are installed.
2021-05-31
not yet calculated
MISC
MISC

red_hat -- red_hat
A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to grant him extra privileges.
not yet calculated
CVE-2021-3424
MISC

red_hat -- red_hat
A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable.
2021-06-01
not yet calculated
CVE-2021-3425
MISC

red_hat -- red_hat
An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite.
2021-06-02
not yet calculated
CVE-2020-14380
MISC

red_hat -- red_hat
A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite.
2021-06-02
not yet calculated

red_hat -- red_hat
A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission.
2021-06-02
not yet calculated
MISC

red_hat -- red_hat
A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP
2021-06-02
not yet calculated

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authenticated users to write arbitrary files via unspecified vectors. 

redis -- redis
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer (on 32-bit systems ONLY) can be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix for CVE-2021-29477 which only addresses the problem on 64-bit systems but fails to do that for 32-bit. 64-bit systems are not affected. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the `redis-server` executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command.
2021-06-02
not yet calculated
CVE-2021-32625
CONFIRM
MISC
MISC

resteasy -- resteasy
A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.
2021-06-02
not yet calculated
MISC

ruby -- dragonfly
An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attackers to read and write to arbitrary files via a crafted URL when the verify_url option is disabled. This may lead to code execution. The problem occurs because the generate and process features mishandle use of the ImageMagick convert utility.
2021-05-29
not yet calculated
MISC
MISC
MISC
MISC
MISC

rust -- deno
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through `import()` or `new Worker` might have been able to bypass network and file system permission checks when statically importing other modules. The vulnerability has been patched in Deno release 1.10.2.
2021-05-28
not yet calculated
CVE-2021-32619
CONFIRM

sangoma -- freepbx_and_pbxact
The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allows remote code execution via a URL variable to an AMI command.
2021-05-31
not yet calculated
CVE-2020-10666
MISC
MISC

singularity -- singularity
### Impact Due to incorrect use of a default URL, `singularity` action commands (`run`/`shell`/`exec`) specifying a container using a `library://` URI will always attempt to retrieve the container from the default remote endpoint (`cloud.sylabs.io`) rather than the configured remote endpoint. An attacker may be able to push a malicious container to the default remote endpoint with a URI that is identical to the URI used by a victim with a non-default remote endpoint, thus executing the malicious container. Only action commands (`run`/`shell`/`exec`) against `library://` URIs are affected. Other commands such as `pull` / `push` respect the configured remote endpoint. ### Patches All users should upgrade to Singularity 3.7.4 or later. #### Workarounds Users who only interact with the default remote endpoint are not affected. Installations with an execution control list configured to restrict execution to containers signed with specific secure keys are not affected. ### For more information General questions about the impact of the advisory can be asked in the: - [SingularityCE Slack Channel](https://singularityce.slack.com) - [SingularityCE Mailing List](https://groups.google.com/g/singularity-ce) Any sensitive security concerns should be directed to: security@sylabs.io See our Security Policy here: https://sylabs.io/security-policy
2021-05-28
not yet calculated

sogo -- sogo
SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. (Only versions after 2.0.5a are affected.)
2021-06-04
not yet calculated
MISC
MISC

synology -- diskstation_manager
Improper limitation of a pathname to a restricted directory (‘Path Traversal’) in cgi component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
2021-06-01
not yet calculated
CVE-2021-29088
CONFIRM

synology -- docker
Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors.
2021-06-01
not yet calculated
CVE-2021-33183
CONFIRM

synology -- download_station
Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.15-3563 allows remote authenticated users to read arbitrary files via unspecified vectors.
2021-06-01
not yet calculated
CVE-2021-33184
CONFIRM

synology -- photo_station
Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote
2021-06-02
not yet calculated
CVE-2021-29091
CONFIRM

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
synology -- photo_station
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors.
2021-06-02
not yet calculated

synology -- photo_station
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors.
2021-06-02
not yet calculated

synology -- photo_station
Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via unspecified vectors.
2021-06-01
not yet calculated
CVE-2021-29092
CONFIRM

synology -- diskstation_manager
Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote authenticated users to read limited files via unspecified vectors.
2021-06-01
not yet calculated
CVE-2021-33182
CONFIRM

synology -- media_server
Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
2021-06-01
not yet calculated
CVE-2021-33180
CONFIRM

synology -- video_station
Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station before 2.4.10-1632 allows remote authenticated users to send arbitrary request to intranet resources via unspecified vectors.
2021-06-01
not yet calculated
CVE-2021-33181
CONFIRM

tianocore -- edk2
Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
2021-06-03
not yet calculated
MISC

tpm2-tools -- tpm2-tools
A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.
2021-06-04
not yet calculated

trend_micro -- maximum_security
The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access control vulnerability in the installer which could allow a local attacker to escalate privileges on a target machine. Please note that an attacker must already have local user privileges and access on the machine to exploit this vulnerability.
2021-06-03
not yet calculated
CVE-2021-32460
MISC
MISC

validatebaseurl -- validatebaseurl
A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.
2021-06-01
not yet calculated
CVE-2020-1920
CONFIRM
MISC

vmware -- vcenter
A security vulnerability in HPE OneView for VMware vCenter (OV4VC) could be exploited remotely to allow Cross-Site Scripting. HPE has released the following software update to resolve the vulnerability in HPE OneView for VMware vCenter (OV4VC).
2021-06-03
not yet calculated

voipmonitor -- voipmonitor
A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value (which might contain PHP code) is injected into config/configuration.php.
2021-05-29
not yet calculated
CVE-2021-30461
MISC

wellcms -- wellcms
WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get webshell.
2021-06-03
not yet calculated
CVE-2020-21005
MISC
MISC

wire -- wire-ios
wire-ios is the iOS version of Wire, an open-source secure messaging app. In wire-ios versions 3.8.0 and prior, a vulnerability exists that can cause a denial of service between users. If a user has an invalid assetID for their profile picture and it contains the " character, it will cause the iOS client to crash. The vulnerability is patched in wire-ios version 3.8.1.
2021-06-03
not yet calculated
MISC

wire -- wire-ios
wire-ios is the iOS version of Wire, an open-source secure messaging app. wire-ios versions 3.8.0 and earlier have a bug in which a conversation could be incorrectly set to "unverified". This occurs when: - Self user is added to a new conversation - Self user is added to an existing conversation - All the participants in the conversation were previously marked as verified. The vulnerability is patched in wire-ios version 3.8.1. As a workaround, one can unverify & verify a device in the conversation.
2021-06-03
not yet calculated
CONFIRM

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bt_bb_listing_field_price_range_from and 
bt_bb_listing_field_price_range_to parameter in its listing page, 
leading to reflected Cross-Site Scripting issues. 

wordpress -- wordpress
The Instant Images – One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplash_download_w and unsplash_download_h parameter settings (/wp-admin/upload.php?page=instant-images), only validating them client side before saving them, leading to a Stored Cross-Site Scripting issue.
2021-06-01
not yet calculated
CVE-2021-24334
MISC
CONFIRM

wordpress -- wordpress
The WP Login Security and History WordPress plugin through 1.0 did not have CSRF check when saving its settings, not any sanitisation or validation on them. This could allow attackers to make logged in administrators change the plugin's settings to arbitrary values, and set XSS payloads on them as well.
2021-06-01
not yet calculated
CVE-2021-24328
MISC
MISC
CONFIRM
MISC

wordpress -- wordpress
The WP Prayer WordPress plugin before 1.6.2 provides the functionality to store requested prayers/praises and list them on a WordPress website. These stored prayer/praise requests can be listed by using the WP Prayer engine. An authenticated WordPress user with any role can fill in the form to request a prayer. The form to request prayers or praises have several fields. The 'prayer request' and 'praise request' fields do not use proper input validation and can be used to store XSS payloads.
2021-06-01
not yet calculated
CVE-2021-24313
CONFIRM

wordpress -- wordpress
The wp_ajax_upload-remote-file AJAX action of the External Media WordPress plugin before 1.0.34 was vulnerable to arbitrary file uploads via any authenticated users.
2021-06-01
not yet calculated
CVE-2021-24311
CONFIRM
MISC

wordpress -- wordpress
The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue.
2021-06-01
not yet calculated
CVE-2021-24329
CONFIRM
MISC

wordpress -- wordpress
The Funnel Builder by CartFlows – Create High Converting Sales Funnels For WordPress plugin before 1.6.13 did not sanitise its facebook_pixel_id and google_analytics_id settings, allowing high privilege users to set XSS payload in them, which will either be executed on pages generated by the plugin, or the whole website depending on the settings used.
2021-06-01
not yet calculated
CVE-2021-24330
CONFIRM
MISC

wordpress -- wordpress
The Smooth Scroll Page Up/Down Buttons WordPress plugin before 1.4 did not properly sanitise and validate its settings, such as psb_distance, psb_buttonsize, psb_speed, only validating them client side. This could allow high privilege users (such as admin) to set XSS payloads in them.
2021-06-01
not yet calculated
CVE-2021-24331
CONFIRM
MISC

wordpress -- wordpress
The Content Copy Protection & Prevent Image Save WordPress plugin through 1.3 does not check for CSRF when saving its settings, not perform any validation and sanitisation on them, allowing attackers to make a logged in administrator set arbitrary XSS payloads in them.
2021-06-01
not yet calculated
CVE-2021-24333
MISC
MISC
CONFIRM
MISC

wordpress -- wordpress
The Car Repair Services & Auto Mechanic WordPress theme before 4.0 did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue.
2021-06-01
not yet calculated
CVE-2021-24335
MISC
MISC
CONFIRM

wordpress -- wordpress
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue.
2021-06-01
not yet calculated
CVE-2021-24319
CONFIRM

wordpress -- wordpress
The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise its 's' GET parameter before output it back the page, leading to the Cross-Site Scripting issue.
2021-06-01
not yet calculated
CVE-2021-24316
MISC
CONFIRM

wordpress -- wordpress
The Database Backup for WordPress plugin before 2.4 did not escape the backup_recipient POST parameter in before output it back in the attribute of an HTML tag, leading to a Stored Cross-Site Scripting issue.
2021-06-01
not yet calculated
CVE-2021-24322
MISC
CONFIRM

wordpress -- wordpress
The Bello - Directory & Listing WordPress theme before 1.6.0 did not sanitise the bt_bb_listing_field_price_range_to, bt_bb_listing_field_now_open, bt_bb_listing_field_my_lng, listing_list_view and bt_bb_listing_field_my_lat parameters before using them in a SQL statement, leading to SQL Injection issues.
2021-06-01
not yet calculated
CVE-2021-24321
CONFIRM
MISC

wordpress -- wordpress
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete,
2021-06-01
not yet calculated
CVE-2021-24320
CONFIRM
MISC

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wordpress -- wordpress
The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post and booking via an IDOR vector.
2021-06-01
not yet calculated
CVE-2021-24318
CONFIRM
MISC

wordpress -- wordpress
The Listeo WordPress theme before 1.6.11 did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues.
2021-06-01
not yet calculated
CVE-2021-24317
MISC
CONFIRM

wordpress -- wordpress
The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209.
2021-06-01
not yet calculated
CVE-2021-24312
CONFIRM

wordpress -- wordpress
The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin before 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the affected gallery in the admin dashboard. This is due to an incomplete fix of CVE-2019-16117.
2021-06-01
not yet calculated
CVE-2021-24310
CONFIRM

wordpress -- wordpress
The "Schedule Name" input in the Weekly Schedule WordPress plugin before 3.4.3 general options did not properly sanitize input, allowing a user to inject javascript code using the <script> HTML tags and cause a stored XSS issue.
2021-06-01
not yet calculated
CVE-2021-24309
CONFIRM

xnio -- xnio
A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.
2021-06-02
not yet calculated
CVE-2020-14340
MISC

xstream -- xstream
### Impact The vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. ### Patches If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.17. ### Workarounds See [workarounds](https://x-stream.github.io/security.html#workaround) for the different versions covering all CVEs. #### References See full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for [CVE-2021-xxxxx](https://x-stream.github.io/CVE-2021-xxxxx.html). ### Credits V3geB1rd, white hat hacker from Tencent Security Response Center found and reported the issue to XStream and provided the required information to reproduce it. ### For more information If you have any questions or comments about this advisory: * Open an issue in [XStream](https://github.com/x-stream/xstream/issues) * Email us at [XStream Google Group](https://groups.google.com/group/xstream-user)
2021-05-28
not yet calculated
CVE-2021-29505
CONFIRM

xwiki -- xwiki
### Impact A user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard. ### Patches The issue has been patched in XWiki 12.6.7, 12.10.3 and 13.0RC1. ### Workarounds There's no easy workaround for this issue, it is recommended to upgrade XWiki. ### References https://jira.xwiki.org/browse/XWIKI-17794 ### For more information If you have any questions or comments about this advisory: * Open an issue in [JIRA](https://jira.xwiki.org) * Email us at [XWiki security mailing-list](mailto:security@xwiki.org)
2021-05-28
not yet calculated
CVE-2021-32621
CONFIRM

xwiki -- xwiki
### Impact A user disabled on a wiki using email verification for registration can re-activate himself by using the activation link provided for his registration. ### Patches The problem has been patched in the following versions of XWiki: 11.10.13, 12.6.7, 12.10.2, 13.0. ### Workarounds It's possible to workaround the issue by resetting the `validkey` property of the disabled XWiki users. This can be done by editing the user profile with object editor. ### References https://jira.xwiki.org/browse/XWIKI-17942 ### For more information If you have any questions or comments about this advisory: * Open an issue in [Jira](http://jira.xwiki.org) * Email us at [Security mailing-list](mailto:security@xwiki.org)
2021-05-28
not yet calculated
CVE-2021-32620
MISC
CONFIRM

yzmcms -- yzmcms
An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability in the background collection management that allows arbitrary file read.
2021-06-03
not yet calculated
CVE-2020-35970
CONFIRM

yzmcms -- yzmcms
A storage XSS vulnerability is found in YzmCMS v5.8, which can be used by attackers to inject JS code and attack malicious XSS on the /admin/system_manage/user_config_edit.html page.
2021-06-03
not yet calculated
CVE-2020-35971
MISC
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